Re: probably an easy routing question, so please help
- From: "pk" <philip.kluss@xxxxxxxxx>
- Date: Thu, 17 May 2007 16:14:57 -0500
I've just realized that VLANs don't just divide subnets, they also COMBINE
subnets. I don't actually want my 4 IP blocks separate for any reason, so
there's no reason I can't just combine them into a singular VLAN with my
existing switches, right? As far as I can tell (until I decide that I want
more than one VLAN to communicate with each other without contacting the
router) I won't need to use a Layer 3 switch at all. Is that correct? If
that's the case, my life got a whole lot easier, even though it would be fun
to play around with a Layer 3 switch!
pk
"stephen" <stephen_hope@xxxxxxxxxxxx> wrote in message
news:HW23i.33$qQ1.10@xxxxxxxxxxxxxxxxxxxxxxx
"pk" <philip.kluss@xxxxxxxxx> wrote in message
news:f2i9ls$ljh$1@xxxxxxxxxxx
I was all ready to purchase a Layer 3 switch and start testing this setup
when I came across some Cisco documentation and discovered this little gem
from the "Routers and Layer 3 Switching" section of the document.
http://www.cisco.com/warp/public/473/lan-switch-cisco.shtml#prereq
It states, in no uncertain terms, "Note: Routers are necessary for
communication between two VLANs."
more accurately - routing is needed. A layer 3 switch is really a hardware
based router - so you are covered.
Is that true? This throws a serious kink in my plans. I need to use VLANs
in order to be able to simulate transparent mode with multiple subnets with
my Sonicwall 3060.
VLANs might complicate what you end up doing - it sounds like the default
gateway on each device needs to "point" to the firewall for the outside
world, but local comms goes via the L3 switch.
However - it tends to be easier in a routed network to offload route
management and path selection to a routing device, and let that sort out
what goes where.
then you only need to configure the L3 switch to alter the routing if you
change things, not every device.
but it sounds like your firewall might not like that arrangement, so i
suggest you sort how the firewall and a "router" need to interact before
finalising the design.
For the record, I have 4 IP blocks (three /28s and one
/27). I do not want to deal with NATing this many addresses. Is a Layer3
switch STILL going to pass my VLAN traffic up to the router?
No - or not if you design it properly.
This is killing me.
Thanks for all the help so far.
pk
"stephen" <stephen_hope@xxxxxxxxxxxx> wrote in message
news:RpX2i.58$oX4.52@xxxxxxxxxxxxxxxxxxxxxxx
"Trendkill" <jpmason@xxxxxxxxx> wrote in message
news:1179328714.470756.105670@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On May 16, 9:57 am, pk <philip.kl...@xxxxxxxxx> wrote:
On May 15, 2:55 pm, Trendkill <jpma...@xxxxxxxxx> wrote:
On May 15, 3:33 pm, pk <philip.kl...@xxxxxxxxx> wrote:
I'm not a routing master, so this might be obvious, but I've been
curious about the answer to this question. Say an individual was
issued two IP blocks from their ISP.
IP Block 1 : 123.123.123.0 /28
IP Block 2 : 123.123.123.128 /28
If the individual doesn't really care to separate the two for
any reason and was just unfortunately issued two /28 blocks instead of
one /27 block, isn't the link between the two networks going to suffer
unnecessarily? For instance, if Server A located in Block 1 is
plugged into the same gigabit switch as Server B in Block 2 and they
want to initiate a file transfer, they are required to run out to the
default gateway (ISP's router) through a T1 (perhaps) connection and
directly back in when it would have been much faster for them to go
right to the other's gigabit ethernet port on the switch? If this is the
case, would this be remedied, albeit poorly, by just subnetting both of
these ranges together into one giant class C address range? (I
understand fully that they wouldn't be able to access the rightful
owners of the rest of the IP addresses in that range as they would
search on their local LAN for them and time out, but this is a
hypothetical situation and only serves to educate myself on the
concept.) That said, how SHOULD this be handled in order to keep the
connection between the subnets optimal?
I'm quite sure that I'm missing some key concepts here, so please be
kind and explain them to me.
Thanks.
pk
Provided both of those networks are off the same edge router, and
routing is enabled, the traffic will not have to go across the
WAN/Internet link, and will instead route to the directly connected
network. This should work without issue.
OK, that makes sense, but if the uplink is coming out of the switch
from a 10Mb link to the router and the computers are both hooked into
gigabit ports then it is a big difference right? There's no way for
that switch to be a bit smarter (without turning into a router) and
not run out the 10Mb port to the router with all of its traffic,
correct? Whereas before they would have transferred at gigabit rate,
they now will be 100 times slower?
Technically yes you are correct. Unless you have a L3 switch or a
router with gig ports, you will potentially have limits for any
bandwidth going inter VLAN. I've been trying to think through your
option of running a /24 behind the scenes and simply not addressing
nodes in the two networks you don't own.
you can use proxy ARP to do this. i learnt this trick on Bay / Nortel kit
which was really good at it, but it works on Cisco as well.
both /28s are configured on the same Enet port, with proxy ARP enabled.
end stations are set up to use the overall /24.
The router then lets local ARP take care of traffic between the 2 /28s, but
will respond to ARP reqs for addresses on other parts of the /24.
Once the ARP table is pointing at the correct device, then IP packets get
sent to the right place - result is the router has a bit more broadcasts to
handle, but the local traffic doesn't need to "touch" the router.
I'm not really sure if this would work or not, as your router
technically would have to advertise the /24, unless of course you could
use distribution lists or something to split it up as necessary. I think
your best bet is to sit down and really analyze your servers/nodes and
come up with a design that keeps your high traffic boxes on one
switch/subnet or the other. I doubt you have 126 boxes that are the same
application, etc, and probably could be split into some kind of logical
groups by high traffic. Thus ensuring that intra VLAN traffic is
maximized, and inter-VLAN traffic is minimized. If you do have a server
(database or such) that is central to both networks, perhaps it's better
to just dual home it to each network. All depends on your
requirements......
Personally i prefer a L3 switch - a single Catalyst 3560 or 3750 will give
you enough ports for both /28s.
if you have enough servers to need 2 x /28, then paying for the switch is
going to be trivial. And if you don't need lots of servers, then redo the
design to use NAT and reduce the number of needed addresses.
clever system designs can be great, but follow on work often hits side
effects, or the next engineer to do changes doesn't understand and breaks
the design....
--
Regards
stephen_hope@xxxxxxxxxxxx - replace xyz with ntl
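The two-/28s-with-a-/24-mask arrangement and the proxy-ARP behaviour stephen describes above, as an added model that is not part of the thread. The IP blocks are the thread's sample blocks; the MAC addresses and the station table are constructed, and VLANs and the firewall are left out.

```python
"""Model of the proxy-ARP trick from the thread (added example, not code
posted by anyone in it).  Two non-adjacent /28s are delegated; the end
stations use the covering /24 mask; the router proxy-answers ARP only for
/24 addresses that lie OUTSIDE the two delegated /28s, so traffic between
the /28s stays on the gigabit switch.  All MACs below are constructed."""
import ipaddress

ROUTER_MAC = "00:00:5e:00:53:01"   # constructed; also the default gateway
OWNED_BLOCKS = [ipaddress.ip_network("123.123.123.0/28"),
                ipaddress.ip_network("123.123.123.128/28")]
COVERING_LAN = ipaddress.ip_network("123.123.123.0/24")

# Constructed: stations that are physically plugged into the switch.
STATIONS = {"123.123.123.5": "00:00:5e:00:53:05",     # Server A, block 1
            "123.123.123.130": "00:00:5e:00:53:82"}   # Server B, block 2

def first_hop(src, dst, prefix_len):
    """Host-side decision: ARP for dst on the LAN, or hand it to the
    default gateway (the ISP router) because dst is off-subnet."""
    local_net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
    return "arp" if ipaddress.ip_address(dst) in local_net else "gateway"

def arp_reply(target):
    """Who answers 'who has <target>?' on the shared segment.  A real
    station answers for itself; the proxy-ARP router answers only for /24
    addresses outside the delegated /28s; otherwise nobody answers and
    the requester times out."""
    t = ipaddress.ip_address(target)
    if target in STATIONS:
        return STATIONS[target]
    if t in COVERING_LAN and not any(t in b for b in OWNED_BLOCKS):
        return ROUTER_MAC
    return None

def frame_destination(src, dst, prefix_len):
    """MAC the source puts on the Ethernet frame, or None when the ARP
    request goes unanswered (an unused address in the owned blocks)."""
    if first_hop(src, dst, prefix_len) == "gateway":
        return ROUTER_MAC           # hairpin via the ISP router and T1
    return arp_reply(dst)

if __name__ == "__main__":
    # With /28 masks Server A -> Server B hairpins through the router;
    # with the /24 mask the frame goes straight to Server B's MAC.
    for plen in (28, 24):
        print(plen, frame_destination("123.123.123.5", "123.123.123.130", plen))
    # An address in the /24 that is not ours is proxy-answered by the router.
    print(frame_destination("123.123.123.5", "123.123.123.200", 24))
```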